ユーザーの種類と権限

トピック

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site. A site owner can manage the user access to such tasks as writing and editing posts, creating Pages, creating categories, moderating comments, managing plugins, managing themes, and managing other users, by assigning a specific role to each of the users.

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. There are many capabilities including “publish_posts“, “moderate_comments“, and “edit_users“. A default set of capabilities is pre-assigned to each role, but other capabilities can be assigned or removed using the add_cap() andremove_cap() functions. New roles can be introduced or removed using the add_role() and remove_role() functions.

The Super Admin role allows a user to perform all possible capabilities. Each of the other roles has a decreasing number of allowed capabilities. For instance, the Subscriber role has just the “read” capability. One particular role should not be considered to be senior to another role. Rather, consider that roles define the user’s responsibilities within the site.

Summary of Roles Summary of Roles

  • Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
  • Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
  • Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
  • Author  (slug: ‘author’)  – somebody who can publish and manage their own posts.
  • Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
  • Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

Upon installing WordPress, an Administrator account is automatically created.

The default role for new users can be set in Administration Screens > Settings > General.

トップ ↑

Roles Roles

A Role defines a set of tasks a user assigned the role is allowed to perform. For instance, the Super Admin role encompasses every possible task that can be performed within a Network of virtual WordPress sites. The Administrator role limits the allowed tasks only to those which affect a single site. On the other hand, the Author role allows the execution of just a small subset of tasks.

The following sections list the default Roles and their capabilities:

Super Admin Super Admin

Multisite Super Admins have, by default, all capabilities. The following Multisite-only capabilities are therefore only available to Super Admins:

In the case of single site WordPress installation, Administrators are, in effect, Super Admins. As such, they are the only ones to have access to additional admin capabilities.

トップ ↑

Administrator Administrator

The capabilities of Administrators differs between single site and Multisite WordPress installations. All administrators have the following capabilities:

Additional Admin Capabilities Additional Admin Capabilities

Only Administrators of single site installations have the following capabilities. In Multisite, only the Super Admin has these abilities:

トップ ↑

Editor Editor

トップ ↑

Author Author

トップ ↑

Contributor Contributor

トップ ↑

Subscriber Subscriber

トップ ↑

Special Cases Special Cases

The following capabilities are special cases:

  • unfiltered_upload – This capability is not available to any role by default (including Super Admins). The capability needs to be enabled by defining the following constant:
define( 'ALLOW_UNFILTERED_UPLOADS', true );

With this constant defined, all roles on a single site install can be given the unfiltered_upload capability, but only Super Admins can be given the capability on a Multisite install.

トップ ↑

Capability vs. Role Table Capability vs. Role Table

Note that the capabilities of Administrators differs between single site and Multisite WordPress installations, as described above .

CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
create_sitesY
delete_sitesY
manage_networkY
manage_sitesY
manage_network_usersY
manage_network_pluginsY
manage_network_themesY
manage_network_optionsY
upload_pluginsY
upload_themesY
upgrade_networkY
setup_networkY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
activate_pluginsYY (single site or enabled by network setting)
create_usersYY (single site)
delete_pluginsYY (single site)
delete_themesYY (single site)
delete_usersYY (single site)
edit_filesYY (single site)
edit_pluginsYY (single site)
edit_theme_optionsYY
edit_themesYY (single site)
edit_usersYY (single site)
exportYY
importYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
install_pluginsYY (single site)
install_themesYY (single site)
list_usersYY
manage_optionsYY
promote_usersYY
remove_usersYY
switch_themesYY
update_coreYY (single site)
update_pluginsYY (single site)
update_themesYY (single site)
edit_dashboardYY
customizeYY
delete_siteYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
moderate_commentsYYY
manage_categoriesYYY
manage_linksYYY
edit_others_postsYYY
edit_pagesYYY
edit_others_pagesYYY
edit_published_pagesYYY
publish_pagesYYY
delete_pagesYYY
delete_others_pagesYYY
delete_published_pagesYYY
delete_others_postsYYY
delete_private_postsYYY
edit_private_postsYYY
read_private_postsYYY
delete_private_pagesYYY
edit_private_pagesYYY
read_private_pagesYYY
unfiltered_htmlYY (single site)Y (single site)
unfiltered_htmlYYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
edit_published_postsYYYY
upload_filesYYYY
publish_postsYYYY
delete_published_postsYYYY
edit_postsYYYYY
delete_postsYYYYY
CapabilitySuper AdminAdministratorEditorAuthorContributorSubscriber
readYYYYYY

トップ ↑

Capabilities Capabilities

トップ ↑

switch_themes switch_themes

トップ ↑

edit_themes edit_themes

  • Since 2.0
  • Allows access to Appearance > Theme Editor to edit theme files.

トップ ↑

edit_theme_options edit_theme_options

トップ ↑

install_themes install_themes

トップ ↑

activate_plugins activate_plugins

トップ ↑

edit_plugins edit_plugins

トップ ↑

install_plugins install_plugins

トップ ↑

edit_users edit_users

トップ ↑

edit_files edit_files

  • Since 2.0
  • Note: No longer used.

トップ ↑

manage_options manage_options

  • Since 2.0
  • Allows access to Administration Screens options:
    • Settings > General
    • Settings > Writing
    • Settings > Reading
    • Settings > Discussion
    • Settings > Permalinks
    • Settings > Miscellaneous

トップ ↑

moderate_comments moderate_comments

  • Since 2.0
  • Allows users to moderate comments from the Comments Screen (although a user needs the edit_posts Capability in order to access this)

トップ ↑

manage_categories manage_categories

トップ ↑

トップ ↑

upload_files upload_files

トップ ↑

import import

トップ ↑

unfiltered_html unfiltered_html

  • Since 2.0
  • Allows user to post HTML markup or even JavaScript code in pages, posts, comments and widgets.
  • Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.
  • Note: In WordPress Multisite, only Super Admins have the unfiltered_html capability.

トップ ↑

edit_posts edit_posts

  • Since 2.0
  • Allows access to Administration Screens options:
    • Posts
    • Posts > Add New
    • Comments
    • Comments > Awaiting Moderation

トップ ↑

edit_others_posts edit_others_posts

  • Since 2.0
  • Allows access to Administration Screens options:
    • Manage > Comments (Lets user delete and edit every comment, see edit_posts above)
  • user can edit other users’ posts through function get_others_drafts()
  • user can see other users’ images in inline-uploading [no? see inline-uploading.php]
  • See Exceptions

トップ ↑

edit_published_posts edit_published_posts

  • Since 2.0
  • User can edit their published posts. This capability is off by default.
  • The core checks the capability edit_posts, but on demand this check is changed to edit_published_posts.
  • If you don’t want a user to be able to edit their published posts, remove this capability.

トップ ↑

publish_posts publish_posts

  • Since 2.0
  • See and use the “publish” button when editing their post (otherwise they can only save drafts)
  • Can use XML-RPC to publish (otherwise they get a “Sorry, you can not post on this weblog or category.”)

トップ ↑

edit_pages edit_pages

トップ ↑

read read

トップ ↑

publish_pages publish_pages

  • Since 2.1

トップ ↑

edit_others_pages edit_others_pages

  • Since 2.1

トップ ↑

edit_published_pages edit_published_pages

  • Since 2.1

トップ ↑

delete_pages delete_pages

  • Since 2.1

トップ ↑

delete_others_pages delete_others_pages

  • Since 2.1

トップ ↑

delete_published_pages delete_published_pages

  • Since 2.1

トップ ↑

delete_posts delete_posts

  • Since 2.1

トップ ↑

delete_others_posts delete_others_posts

  • Since 2.1

トップ ↑

delete_published_posts delete_published_posts

  • Since 2.1

トップ ↑

delete_private_posts delete_private_posts

  • Since 2.1

トップ ↑

edit_private_posts edit_private_posts

  • Since 2.1

トップ ↑

read_private_posts read_private_posts

  • Since 2.1

トップ ↑

delete_private_pages delete_private_pages

  • Since 2.1

トップ ↑

edit_private_pages edit_private_pages

  • Since 2.1

トップ ↑

read_private_pages read_private_pages

  • Since 2.1

トップ ↑

delete_users delete_users

  • Since 2.1

トップ ↑

create_users create_users

  • Since 2.1
  • Allows creating new users.

トップ ↑

unfiltered_upload unfiltered_upload

  • Since 2.3

トップ ↑

edit_dashboard edit_dashboard

  • Since 2.5

トップ ↑

customize customize

  • Since 4.0
  • Allows access to the Customizer. 

トップ ↑

delete_site delete_site

  • Since 4.0
  • Allows the user to delete the current site (Multisite only).

トップ ↑

update_plugins update_plugins

  • Since 2.6

トップ ↑

delete_plugins delete_plugins

  • Since 2.6

トップ ↑

update_themes update_themes

  • Since 2.7

トップ ↑

update_core update_core

  • Since 3.0

トップ ↑

list_users list_users

トップ ↑

remove_users remove_users

  • Since 3.0

トップ ↑

add_users add_users

トップ ↑

promote_users promote_users

  • Since 3.0
  • Enables the “Change role to…” dropdown in the admin user list.
    • This does not depend on ‘edit_users‘ capability.
  • Enables the ‘Add Existing User’ to function for multi-site installs.

トップ ↑

delete_themes delete_themes

  • Since 3.0

トップ ↑

export export

  • Since 3.0

トップ ↑

edit_comment edit_comment

  • Since 3.1

トップ ↑

create_sites create_sites

  • Since 3.1
  • Multi-site only
  • Allows user to create sites on the network

トップ ↑

delete_sites delete_sites

  • Since 3.1
  • Multi-site only
  • Allows user to delete sites on the network

トップ ↑

manage_network manage_network

  • Since 3.0
  • Multi-site only
  • Allows access to Super Admin menu
  • Allows user to upgrade network

トップ ↑

manage_sites manage_sites

  • Since 3.0
  • Multi-site only
  • Allows access to Network Sites menu
  • Allows user to add, edit, delete, archive, unarchive, activate, deactivate, spam and unspam new site/blog in the network

トップ ↑

manage_network_users manage_network_users

トップ ↑

manage_network_themes manage_network_themes

トップ ↑

manage_network_options manage_network_options

トップ ↑

manage_network_plugins manage_network_plugins

トップ ↑

upload_plugins upload_plugins

  • Since 4.0
  • Multi-site only
  • Allows user to upload plugin ZIP files from the Network Plugins -> Add New menu

トップ ↑

upload_themes upload_themes

  • Since 4.0
  • Multi-site only
  • Allows user to upload theme ZIP files from the Network Themes -> Add New menu

トップ ↑

upgrade_network upgrade_network

  • Since 4.8
  • Multi-site only
  • is used to determine whether a user can access the Network Upgrade page in the network admin. Related to this, the capability is also checked to determine whether to show the notice that a network upgrade is required. The capability is not mapped, so it is only granted to network administrators. See #39205 for background discussion.

トップ ↑

setup_network setup_network

  • Since 4.8
  • Multi-site only
  • is used to determine whether a user can setup multisite, i.e. access the Network Setup page. Before setting up a multisite, the capability is mapped to the `manage_options` capability, so that it is granted to administrators. Once multisite is setup, it is mapped to `manage_network_options`, so that it is granted to network administrators. See #39206 for background discussion.

トップ ↑

Resources Resources

トップ ↑

Plugins Plugins

トップ ↑

Information Information